Have RT append characters to username when they first login

jsmith · August 30, 2018, 9:24pm

I have RT 4.4.2 running connected to 2 external ldap servers. One of the connections is to ADLdap. The ‘sAMAccountName’ that gets mapped is just a number in AD. RT does not like just a number so when the user tries to login it errors. My question: Where can I have RT edit the ‘Name’ attribute as it logs in for the first time so that it appends characters to it and changes it from just numbers. Example LDAP User: 123456 logins as rt123456.
Any suggestions would be helpful.

‘AD_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘ad.domain’,
‘user’ => ‘user’,
‘pass’ => ‘password’,
‘base’ => ‘DC=ad,DC=domain’,
‘group_attr’ => ‘member’,
# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
‘tls’ => 1,
‘net_ldap_args’ => [ version => 3 ],
‘attr_match_list’ => [
# ‘ExternalContactInfoId’,
‘Name’,
‘EmailAddress’,
‘RealName’,
‘WorkPhone’,
‘Address2’,
],
# Import the following properties of the user from LDAP upon
# login
‘attr_map’ => {
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘Name’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’,

I dont have access to the external LDAP.

elacour · August 31, 2018, 8:42am

It’s not too hard to update RT and disable the auto-loading by user id when user Name is numerical. I would do this in your case so user do not have to use a different login than others apps.

Something like this (here user id takes precedence over user name):

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index ca47377cf3..c80fe01acf 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -478,7 +478,11 @@ sub Load {
     my $identifier = shift || return undef;
 
     if ( $identifier !~ /\D/ ) {
-        return $self->SUPER::LoadById( $identifier );
+        $self->SUPER::LoadById( $identifier );
+        unless ( $self && $self->id ) {
+            RT::Logger->info("Load by user id failed, trying to load by name");
+            return $self->LoadByCol( "Name", $identifier );
+        }
     } elsif ( UNIVERSAL::isa( $identifier, 'RT::User' ) ) {
         return $self->SUPER::LoadById( $identifier->Id );
     } else {
diff --git a/local/lib/RT/User_Local.pm b/local/lib/RT/User_Local.pm
index e69de29bb2..ab664d0dfa 100644
--- a/local/lib/RT/User_Local.pm
+++ b/local/lib/RT/User_Local.pm
@@ -0,0 +1,14 @@
+package RT::User;
+
+use strict;
+no warnings qw(redefine);
+
+# We use numerical Names, override generic check RT::Record::ValidateName here
+sub ValidateName {
+    my $self = shift;
+    my $value = shift;
+
+    return 1;
+}
+
+1;

Else if you want to prepend a string on import, you would have to modify lib/RT/Authen/ExternalAuth.pm.

jsmith · August 31, 2018, 9:17pm

Thank you @elacour for the quick response. I implemented this change, and all is well with numeric logins now.

jsmith · September 6, 2018, 11:34pm

I will have to note, now that we are using this. Ticket searching by owner when they are a number does not work. The search looks for the id or ticket number if a number is given. There are workarounds but I assume appending a letter to the front of the username will prevent this. No sure if there will be other weird behavior along the way. If we have to move forward with that change, where in lib/RT/Authen/ExternalAuth.pm would the change need to be made?
Thanks the help!